IPsec Site 2 Site VPN in Azure to On-prem (Straightforward Configurations)??

Anonymous
2024-02-09T12:55:52+00:00

Hi All,

Frustrated yet persistent. Let's say the below is my scenario:

The Task : Create a Site 2 Site VPN from Azure to On-prem network.

Sample configurations:

  1. Created VNet in Azure 10.0.5.0/24

     Split this into 2 subnets 10.0.5.128/25 sub1 10.0.5.0/28 sub 2 and Gateway Sub 10.0.5.32/27

  2. Created local network gateway and using IP from FW on-prem of 185.181.xx.xx

     Address spaces for on-prem 10.1.0.0/16, 172.30.1.0/24

  3. Create public IP 20.49.xx.xx
  4. Created Virtual Network gateway
  5. Created connection using IKEv2 and shared key

Success as the status is connected and on-prem verifies tunnel is connected.

Have a VM in the 10.0.5.0/28, this is 10.0.5.4. However, I am unable to ping or touch on-prem devices, as well as on-prem to Azure?

I have added routes in Azure? Not sure if this is actually needed. Also disabled firewalling to test the VM and also allowed on the NSGs and validated...

Is there something I am missing?

Much appreciated


Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.
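An added example, not part of the original post or of any reply: a short Python check of the address plan quoted in the question. It confirms the three subnets sit inside the VNet without overlapping, that the on-prem address spaces do not collide with the VNet, and which declared on-prem prefix (if any) covers a given host. The function names and the two host IPs in the demo are constructed for illustration.

```python
import ipaddress

# Prefixes and VM address as quoted in the question above.
VNET = "10.0.5.0/24"
AZURE_SUBNETS = ["10.0.5.128/25", "10.0.5.0/28", "10.0.5.32/27"]
ONPREM_PREFIXES = ["10.1.0.0/16", "172.30.1.0/24"]
VM_IP = "10.0.5.4"

def check_plan(vnet, subnets, onprem, vm_ip):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    vnet_net = ipaddress.ip_network(vnet)
    nets = [ipaddress.ip_network(s) for s in subnets]
    remote = [ipaddress.ip_network(p) for p in onprem]
    for n in nets:
        if not n.subnet_of(vnet_net):
            findings.append(f"{n} is outside VNet {vnet_net}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                findings.append(f"subnets {a} and {b} overlap")
    # Overlap between local and remote ranges makes tunnel routing ambiguous.
    for r in remote:
        if r.overlaps(vnet_net):
            findings.append(f"on-prem prefix {r} overlaps VNet {vnet_net}")
    vm = ipaddress.ip_address(vm_ip)
    if not any(vm in n for n in nets):
        findings.append(f"VM {vm} is not in any listed subnet")
    return findings

def covering_prefix(ip, prefixes):
    """Longest listed prefix containing ip, or None if none of them covers it."""
    addr = ipaddress.ip_address(ip)
    nets = [ipaddress.ip_network(p) for p in prefixes]
    matches = [n for n in nets if addr in n]
    return max(matches, key=lambda n: n.prefixlen, default=None)

if __name__ == "__main__":
    print("findings:", check_plan(VNET, AZURE_SUBNETS, ONPREM_PREFIXES, VM_IP))
    # Constructed on-prem host addresses, not taken from the post.
    for host in ("10.1.2.3", "192.168.1.10"):
        print(host, "->", covering_prefix(host, ONPREM_PREFIXES))
```

An empty findings list means the addressing itself is consistent; a host that maps to `None` lies outside the address spaces declared on the local network gateway, so the gateway has no prefix for it.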


2 answers

  1. Anonymous
    2024-02-10T05:29:15+00:00

    Hi, This is Yu.

    I will support your problem.

    Could you provide a hard copy of the results of the following commands executed on-premises?

    The suspected issues may vary depending on how far the traceroute reaches.

    1. ipconfig /all
    2. route print
    3. tracert 10.0.5.4

    I also share the steps for setting up the Site-to-Site VPN. https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal

  2. Anonymous
    2024-02-12T00:46:48+00:00

    Hello Clinton Ivans (External - BDO),

    Thank you for posting in Microsoft Community forum.

    From the description above, I understand your question is related to Azure.

    Since there are no engineers dedicated to Azure in this forum, in order to get quick and effective handling of your issue, I recommend that you repost your question in the Q&A forum, where there will be a dedicated engineer to give you a professional and effective reply.

    Here is the link for Q&A forum.
    Questions - Microsoft Q&A

    Click the "Ask a Question" button in the upper right corner to post your question and select "Azure VPN Gateway" tag and any other tags related to your productions.

    I hope the information above is helpful.

    If you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou
